PHP 7.2: SIGSEGV in OpenSSL

Stefan Bethke stb at lassitu.de
Mon Jan 21 18:59:04 UTC 2019


I'm seeing a lot of coredumps with a stack trace similar to this, on a 12-stable machine:

# gdb /usr/local/sbin/httpd /httpd.core 
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `/usr/local/sbin/httpd -DNOHTTPACCEPT'.
Program terminated with signal 11, Segmentation fault.
...
(gdb) bt
#0  openssl_lh_strcasehash (c=0x803466cf2 <Address 0x803466cf2 out of bounds>)
    at /freebsd/checkout/src/12/crypto/openssl/crypto/lhash/lhash.c:361
#1  0x000000080138564d in obj_name_hash (a=0x7fffffffe9d0)
    at /freebsd/checkout/src/12/crypto/openssl/crypto/objects/o_names.c:166
#2  0x000000080143be77 in OPENSSL_LH_delete (lh=0x800a27240, 
    data=0x7fffffffe9d0)
    at /freebsd/checkout/src/12/crypto/openssl/crypto/lhash/lhash.c:302
#3  0x00000008013852c8 in OBJ_NAME_remove (
    name=0x803466cf2 <Address 0x803466cf2 out of bounds>, type=1)
    at obj_lcl.h:12
#4  0x000000080143c15a in OPENSSL_LH_doall (lh=0x800a27240, 
    func=0x8013855c0 <names_lh_free_doall>)
    at /freebsd/checkout/src/12/crypto/openssl/crypto/lhash/lhash.c:198
#5  0x0000000801385558 in OBJ_NAME_cleanup (type=1) at obj_lcl.h:12
#6  0x0000000801392918 in evp_cleanup_int ()
    at /freebsd/checkout/src/12/crypto/openssl/crypto/evp/names.c:83
#7  0x000000080146e39d in OPENSSL_cleanup ()
    at /freebsd/checkout/src/12/crypto/openssl/crypto/init.c:567
#8  0x00000008007a24e5 in __cxa_finalize (dso=0x0)
    at /freebsd/checkout/src/12/lib/libc/stdlib/atexit.c:233
#9  0x00000008007320e1 in exit (status=54947058)
    at /freebsd/checkout/src/12/lib/libc/stdlib/exit.c:62
#10 0x0000000800a55118 in ?? ()
#11 0x00007fffffffeb90 in ?? ()

In the one case I could isolate, the PHP code is calling stream_socket_enable_crypto(), but I suspect there might be others. Is anybody else seeing this?


Stefan

-- 
Stefan Bethke <stb at lassitu.de>   Fon +49 151 14070811


